<html>
<head><meta charset="utf-8"><title>hello · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html">hello</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="135933957"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135933957" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Welcome Bot <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135933957">(Oct 16 2018 at 22:19)</a>:</h4>
<p>Welcome to <a class="stream" data-stream-id="146229" href="/#narrow/stream/146229-wg-secure-code">#wg-secure-code</a>.</p>
<p><strong>Description</strong>: Secure code working group <a href="https://github.com/rust-secure-code/wg/" target="_blank" title="https://github.com/rust-secure-code/wg/">https://github.com/rust-secure-code/wg/</a></p>



<a name="135934020"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934020" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934020">(Oct 16 2018 at 22:20)</a>:</h4>
<p><span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span> done</p>



<a name="135934027"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934027" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934027">(Oct 16 2018 at 22:20)</a>:</h4>
<p>I'll add this to the "default streams", but existing users will have to add themselves</p>



<a name="135934032"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934032" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934032">(Oct 16 2018 at 22:20)</a>:</h4>
<p>(or you can add them)</p>



<a name="135934051"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934051" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934051">(Oct 16 2018 at 22:20)</a>:</h4>
<p>(I always put all streams in the default set, because people get confused otherwise)</p>



<a name="135934065"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934065" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934065">(Oct 16 2018 at 22:21)</a>:</h4>
<p>Alright, thanks so much! Is there a notion of being a mod in a particular stream? I know Ashley wanted somebody to be able to mod this stream.</p>



<a name="135934076"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934076" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934076">(Oct 16 2018 at 22:21)</a>:</h4>
<p>hmm, I don't know precisely how that works. I can add some set of folks as Zulip admins if nothing else</p>



<a name="135934137"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934137" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934137">(Oct 16 2018 at 22:22)</a>:</h4>
<p><span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span> can you ping me about that tomorrow? I gotta run now =)</p>



<a name="135934148"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934148" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934148">(Oct 16 2018 at 22:22)</a>:</h4>
<p>Will do!</p>



<a name="135934766"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934766" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934766">(Oct 16 2018 at 22:33)</a>:</h4>
<p>hi everyone</p>



<a name="135934774"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934774" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934774">(Oct 16 2018 at 22:33)</a>:</h4>
<p>looks like the Zulip native app doesn't work with Google Auth + Advanced Protection <span class="emoji emoji-1f622" title="cry">:cry:</span></p>



<a name="135934819"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934819" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Stuart Small <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934819">(Oct 16 2018 at 22:34)</a>:</h4>
<p>Howdy</p>



<a name="135934829"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934829" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934829">(Oct 16 2018 at 22:34)</a>:</h4>
<p>let's try GitHub instead</p>



<a name="135934926"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135934926" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135934926">(Oct 16 2018 at 22:36)</a>:</h4>
<p>that worked</p>



<a name="135935290"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135935290" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135935290">(Oct 16 2018 at 22:44)</a>:</h4>
<p>Hi, I heard about the Rust secure code working group from Alex Gaynor and I was wondering if this is the best place (and the github group) to follow along?</p>



<a name="135935304"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135935304" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135935304">(Oct 16 2018 at 22:44)</a>:</h4>
<p>It is indeed.</p>



<a name="135935438"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135935438" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135935438">(Oct 16 2018 at 22:47)</a>:</h4>
<p>Thanks</p>



<a name="135935736"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135935736" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135935736">(Oct 16 2018 at 22:52)</a>:</h4>
<p>np</p>



<a name="135935851"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135935851" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135935851">(Oct 16 2018 at 22:55)</a>:</h4>
<p>Just to introduce myself, I'm a core developer of <a href="https://chromium.googlesource.com/chromiumos/platform/crosvm/" target="_blank" title="https://chromium.googlesource.com/chromiumos/platform/crosvm/">crosvm</a>, a virtual machine monitor written in Rust. Because it communicates directly with untrusted guest operating systems, it acts as a security boundary.</p>



<a name="135936368"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135936368" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135936368">(Oct 16 2018 at 23:06)</a>:</h4>
<p>I'm Tony Arcieri. I'm cofounder of <a href="https://iqlusion.io" target="_blank" title="https://iqlusion.io">https://iqlusion.io</a> and formerly worked on the Square security team. My most notable Rust projects are (by crate name) <code>miscreant</code>: an AES-SIV/AES-PMAC-SIV library, <code>signatory</code>: a multi-provider digital signature library, and <code>yubihsm</code>: a pure Rust YubiHSM2 client library</p>



<a name="135936529"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135936529" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135936529">(Oct 16 2018 at 23:10)</a>:</h4>
<p>I'm Joshua Liebow-Feeser. I'm on the security team for Google's Fuchsia OS. My most notable Rust projects are probably the elfmalloc allocator suite (<a href="https://github.com/ezrosent/allocators-rs" target="_blank" title="https://github.com/ezrosent/allocators-rs">https://github.com/ezrosent/allocators-rs</a>), but more recently, I've been working on lots of utility crates to save programmers from having to write <code>unsafe</code>. I'm talking about some of that stuff at Rust Belt Rust this week.</p>



<a name="135936612"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135936612" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135936612">(Oct 16 2018 at 23:12)</a>:</h4>
<p>this crate might be of interest to some of you: a cross-platform secure memory zeroing crate. It's the sort of thing I think could be turned into an RFC. also I'd be interested in adding Fuchsia support if you can point me in the right direction: <a href="https://crates.io/crates/zeroize" target="_blank" title="https://crates.io/crates/zeroize">https://crates.io/crates/zeroize</a></p>



<a name="135936632"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135936632" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135936632">(Oct 16 2018 at 23:12)</a>:</h4>
<p>Let's go full Zulip and pull this into a new topic.</p>



<a name="135936633"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135936633" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135936633">(Oct 16 2018 at 23:13)</a>:</h4>
<p>there are several crates which do that sort of thing but to my knowledge ^^^ is the only one that exclusively uses either OS or LLVM (on nightly) intrinsics to do secure zeroing</p>



<a name="135936644"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135936644" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135936644">(Oct 16 2018 at 23:13)</a>:</h4>
<p>haha great, although I have to run</p>



<a name="135941637"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135941637" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Stuart Small <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135941637">(Oct 17 2018 at 01:01)</a>:</h4>
<p>Since we are doing introductions.  I'm Stuart Small.  I'm work at Threat X (<a href="http://threatx.com" target="_blank" title="http://threatx.com">threatx.com</a>).  We are a WAF vendor is out to make deploying WAFs a painfree, productive process and not just another compliance check box.  Our back end is almost completely written in rust.</p>



<a name="135943552"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135943552" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135943552">(Oct 17 2018 at 01:55)</a>:</h4>
<p>It's clearly unacceptable to have both <span class="user-mention" data-user-id="132722">@Stuart Small</span>'s and <span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span>'s avatars. I'll never be able to remember who is who.</p>



<a name="135943597"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135943597" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135943597">(Oct 17 2018 at 01:56)</a>:</h4>
<blockquote>
<p>It's clearly unacceptable to have both <span class="user-mention" data-user-id="132722">@Stuart Small</span>'s and <span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span>'s avatars. I'll never be able to remember who is who.</p>
</blockquote>
<p>I'm really glad that I wasn't the only one thinking that.</p>



<a name="135943604"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135943604" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Stuart Small <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135943604">(Oct 17 2018 at 01:57)</a>:</h4>
<p>That's baby's first computer back in the long long ago.</p>



<a name="135943739"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135943739" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Gaynor <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135943739">(Oct 17 2018 at 02:00)</a>:</h4>
<p><span class="emoji emoji-1f44b" title="wave">:wave:</span>  I'm Alex. I do security for Firefox at Mozilla (primarily sandboxing, but also exploit mitigation and such). I'm also one of the primary developers of the Python Cryptographic Authority family of libraries and I'm on the Python Security Response Team. I also do a bunch of random security research on open source projects (e.g. helping projects integrate with OSS-Fuzz).</p>



<a name="135943808"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135943808" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135943808">(Oct 17 2018 at 02:02)</a>:</h4>
<p>Hi Alex. Thanks for showing me this group.</p>



<a name="135943823"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135943823" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135943823">(Oct 17 2018 at 02:03)</a>:</h4>
<p><span class="user-mention" data-user-id="132722">@Stuart Small</span> oh no, I was kidding! Now I feel bad.</p>



<a name="135943893"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/135943893" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Stuart Small <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#135943893">(Oct 17 2018 at 02:05)</a>:</h4>
<p>LOL don't!</p>



<a name="136067543"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/136067543" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#136067543">(Oct 18 2018 at 19:56)</a>:</h4>
<p>I'm Sergey Davidoff. My day job is not related to security - I got hired by Google, going to work on Kubernetes starting November. <br>
My involvement in Rust was mostly about fuzzing all the things and blogging about it. You might remember me by "<a href="https://redd.it/8zpp5f" target="_blank" title="https://redd.it/8zpp5f">Auditing popular crates: how a one-line unsafe has nearly ruined everything</a>" post. My blogging has inspired <a href="https://github.com/blt/bughunt-rust" target="_blank" title="https://github.com/blt/bughunt-rust">https://github.com/blt/bughunt-rust</a> among other things. I've also written <a href="https://github.com/Shnatsel/libdiffuzz" target="_blank" title="https://github.com/Shnatsel/libdiffuzz">libdiffuzz</a>, the security-oriented substitute for Memory Sanitizer.</p>



<a name="136102150"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/136102150" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Bujiraso <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#136102150">(Oct 19 2018 at 10:17)</a>:</h4>
<p>very new to Zulip. Testing out replying in a thread. Hey all</p>



<a name="137152010"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/137152010" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#137152010">(Nov 04 2018 at 10:58)</a>:</h4>
<p>Just a heads-up: I've relocated to Warsaw permanently, and will be at Zurich 6th to 10th of November and also sometime at the end of November for a week. Will mostly be hanging out near Google offices in both cities. If you want to meet up and chat, let me know!</p>



<a name="146828683"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146828683" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146828683">(Nov 05 2018 at 22:15)</a>:</h4>
<p>Hi, I'm Louis (and late to the party). I'm a undergrad with interests in security(duh)/cryptography. The amount of work I can contribute is most likely slim (I've read through some of the streams, much is over my head atm), but I'll call out if I see something I can be of help with.</p>



<a name="146828891"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146828891" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146828891">(Nov 05 2018 at 22:18)</a>:</h4>
<p>You're the Orion author, right? Welcome aboard <span class="emoji emoji-26f5" title="sailboat">:sailboat:</span></p>



<a name="146829257"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146829257" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146829257">(Nov 05 2018 at 22:24)</a>:</h4>
<p>That I am <span class="emoji emoji-1f642" title="slight smile">:slight_smile:</span> and thank you!</p>



<a name="146829922"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146829922" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146829922">(Nov 05 2018 at 22:35)</a>:</h4>
<p>TBH, I'm somewhat flattered you've even heard of it</p>



<a name="146830305"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146830305" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146830305">(Nov 05 2018 at 22:42)</a>:</h4>
<p>I just so happen to have been looking for some decent nacl/libsodium implementations for Rust.</p>



<a name="146830537"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146830537" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146830537">(Nov 05 2018 at 22:47)</a>:</h4>
<p>Which did you end up with?</p>



<a name="146830550"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146830550" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146830550">(Nov 05 2018 at 22:47)</a>:</h4>
<p>I have not finished deciding. Do you have a favorite?</p>



<a name="146830865"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146830865" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146830865">(Nov 05 2018 at 22:54)</a>:</h4>
<p>If you don't mind wrappers then I'd suggest <code>sodiumoxide</code>, which is the only libsodium Rust lib I know of that is used in production. Currently being used by Wire for their Axolotl protocol implementation "Proteus". "Proteus" has been audited and that lead to some parts of <code>sodiumoxide</code> being audited too. In terms of pure-Rust, I actually think <code>orion</code> is the only lib to offer the XChaCha20Poly1305 AEAD (sodiumoxide does, but not in the version published on <a href="http://crates.io" target="_blank" title="http://crates.io">crates.io</a>), but of course it always depends on what you need.</p>



<a name="146886452"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146886452" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146886452">(Nov 06 2018 at 19:12)</a>:</h4>
<p><span class="user-mention" data-user-id="126966">@brycx</span> yeh we are a bit behind on releasing stuff and moving things forward. If anyone wants to join in and help us let me know :)</p>



<a name="146893709"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146893709" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146893709">(Nov 06 2018 at 20:55)</a>:</h4>
<p>I might actually consider it myself. I've been meaning to get my feet wet with some FFI anyway. I'll take a look at the issues and see if something is up my ally.</p>



<a name="146893927"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146893927" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146893927">(Nov 06 2018 at 20:58)</a>:</h4>
<p>I believe <span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span> has a crate that's public but not yet announced that provides safe abstractions for many common unsafe operations</p>



<a name="146894216"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146894216" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146894216">(Nov 06 2018 at 21:01)</a>:</h4>
<p>I think <span class="user-mention" data-user-id="120823">@DPC</span> was talking about <code>sodiumoxide</code>.</p>



<a name="146894239"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146894239" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146894239">(Nov 06 2018 at 21:01)</a>:</h4>
<p>yep I was :D</p>



<a name="146894464"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146894464" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146894464">(Nov 06 2018 at 21:04)</a>:</h4>
<p>Do crypto libraries fall under the purview of wg-secure-code? I ask because I was about to break sodiumoxide into a separate stream.</p>



<a name="146894726"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146894726" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146894726">(Nov 06 2018 at 21:08)</a>:</h4>
<p>I actually think they were specifically decided to be out-of-scope <a href="https://internals.rust-lang.org/t/proposal-security-working-group/8282/134" target="_blank" title="https://internals.rust-lang.org/t/proposal-security-working-group/8282/134">https://internals.rust-lang.org/t/proposal-security-working-group/8282/134</a> <span class="emoji emoji-1f613" title="sweat">:sweat:</span></p>



<a name="146894748"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146894748" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146894748">(Nov 06 2018 at 21:08)</a>:</h4>
<p>we have our own gitter channel though. So anyone interested can join us there. <a href="https://gitter.im/rust-sodiumoxide/Lobby" target="_blank" title="https://gitter.im/rust-sodiumoxide/Lobby">https://gitter.im/rust-sodiumoxide/Lobby</a></p>



<a name="146898078"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146898078" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146898078">(Nov 06 2018 at 21:58)</a>:</h4>
<p><span class="user-mention" data-user-id="126966">@brycx</span> If you're interested in FFI, you might want to check out what we've done in Mundane. It's internal right now, but I've had on the back burner the idea of factoring the FFI stuff out into its own crate. I'm not going to get around to it any time soon, so if you'd like to work on that, that'd be awesome! See here for details on how we do it: <a href="https://github.com/google/mundane/blob/master/src/boringssl/mod.rs" target="_blank" title="https://github.com/google/mundane/blob/master/src/boringssl/mod.rs">https://github.com/google/mundane/blob/master/src/boringssl/mod.rs</a></p>



<a name="146899531"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146899531" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146899531">(Nov 06 2018 at 22:22)</a>:</h4>
<p>I actually stumbled across Mundane while searching for some test vectors for my own project. Didn't know Mundane needed work. It's nice that it's interfacing with BoringSSL, might even be that I can look at ring's FFI for reference to get an easier start on it (still going to take me a decent amount of time anyway I think). I'll definitely be looking further into this. Thanks <span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span>.</p>



<a name="146899841"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/146899841" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#146899841">(Nov 06 2018 at 22:27)</a>:</h4>
<p>np!</p>



<a name="147594608"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/147594608" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#147594608">(Nov 13 2018 at 14:33)</a>:</h4>
<p>can still talk about crypto libraries <span class="emoji emoji-1f609" title="wink">:wink:</span> oh look, here's one <a href="https://joshlf.com/post/2018/11/06/introducing-mundane/" target="_blank" title="https://joshlf.com/post/2018/11/06/introducing-mundane/">https://joshlf.com/post/2018/11/06/introducing-mundane/</a></p>



<a name="160648782"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160648782" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DevQps <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160648782">(Mar 13 2019 at 09:47)</a>:</h4>
<p>Assuming the reason that this channel is called hello for saying hello: Hello! :) I just graduated from my master Computer Science with a specialization on Cyber security. I have been learning Rust for the past 3/4 months and I really love the language. Then I saw this Working Group fly by and I thought: Maybe I can be of any assistance here? Can you guys maybe point me to the right things to get up to date with everything? Thanks in advance!</p>



<a name="160719750"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160719750" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160719750">(Mar 13 2019 at 19:25)</a>:</h4>
<p>Hey <span class="user-mention" data-user-id="213094">@DevQps</span>! We have a roadmap post for this year with lots and lots of links, it should get you up to speed: <a href="https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39">https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39</a></p>



<a name="160720307"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160720307" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DevQps <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160720307">(Mar 13 2019 at 19:32)</a>:</h4>
<p>Thanks! I was off the whole midday, so I actually already read through the entire post and crawled all the links haha. It really was interesting! Do you suggest reading through the topics inside this Stream and join the crew at one I like? Or do you have any particular area's or topics in mind that could use an extra brain? EDIT: I read somewhere that you were the author, so kudo's to writing it as well. It's really nice in my opinion</p>



<a name="160722065"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160722065" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160722065">(Mar 13 2019 at 19:57)</a>:</h4>
<p>If you want to do something useful to the community without committing to a big project, I'd start here: <a href="https://github.com/rust-secure-code/wg/issues/19" target="_blank" title="https://github.com/rust-secure-code/wg/issues/19">https://github.com/rust-secure-code/wg/issues/19</a><br>
Just find a crate you like that has unsafe code in it and see what you can do about removing that.</p>



<a name="160722173"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160722173" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160722173">(Mar 13 2019 at 19:59)</a>:</h4>
<p>If you can't pick a project, <a href="https://github.com/PistonDevelopers/image" target="_blank" title="https://github.com/PistonDevelopers/image">https://github.com/PistonDevelopers/image</a> is probably a good start - it has some unsafe code that should not really be necessary.</p>



<a name="160722218"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160722218" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160722218">(Mar 13 2019 at 19:59)</a>:</h4>
<p>Or if you want to get your feet wet with fuzzing, it has plenty of panics you can find that way. Most of it was last fuzzed ~2 years ago, they've introduced a lot of bugs since then.</p>



<a name="160722458"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160722458" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DevQps <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160722458">(Mar 13 2019 at 20:02)</a>:</h4>
<p>Sounds good to me! I'll see what I can do in the next weeks! I'll probably give my piece of mind at some topics as well :)</p>



<a name="160722539"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160722539" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160722539">(Mar 13 2019 at 20:03)</a>:</h4>
<p><a href="https://github.com/sile/libflate" target="_blank" title="https://github.com/sile/libflate">https://github.com/sile/libflate</a> definitely could be stripped of some of its unsafes without performance hit. I have found one out-of-bounds read bug in it already. <br>
<a href="https://github.com/m4b/goblin" target="_blank" title="https://github.com/m4b/goblin">https://github.com/m4b/goblin</a> also has unsafe in ELF parser where it's not really required.<br>
<a href="https://github.com/ruuda/claxon" target="_blank" title="https://github.com/ruuda/claxon">https://github.com/ruuda/claxon</a> also probably could be refactored to get rid of unsafes</p>



<a name="160722568"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160722568" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DevQps <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160722568">(Mar 13 2019 at 20:03)</a>:</h4>
<p>Thanks for the pointers!</p>



<a name="160723302"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160723302" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160723302">(Mar 13 2019 at 20:13)</a>:</h4>
<p>Ooof, libflate got hit by another out-of-bounds read: <a href="https://github.com/sile/libflate/issues/21" target="_blank" title="https://github.com/sile/libflate/issues/21">https://github.com/sile/libflate/issues/21</a><br>
<span class="user-mention" data-user-id="213094">@DevQps</span> definitely prioritize libflate for <code>unsafe</code>-purging!</p>



<a name="160723404"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160723404" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160723404">(Mar 13 2019 at 20:14)</a>:</h4>
<p>Also, <span class="user-mention" data-user-id="213094">@DevQps</span> , when you're doing that, it'd be good to keep a record of what the purpose of the original unsafe code was. We're trying to get a sense for what people are using unsafe for so we know what utilities to write to obviate their need to do that.</p>



<a name="160735364"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160735364" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DevQps <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160735364">(Mar 13 2019 at 23:00)</a>:</h4>
<p>It's 0:00 and I need to work tomorrow morning, but with a bit of luck I'll be able to work on it during the midday! I'll let you know if I have any results. <span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span> I will do that as well!</p>



<a name="160735788"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/hello/near/160735788" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DevQps <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/hello.html#160735788">(Mar 13 2019 at 23:08)</a>:</h4>
<blockquote>
<p>Ooof, libflate got hit by another out-of-bounds read: <a href="https://github.com/sile/libflate/issues/21" target="_blank" title="https://github.com/sile/libflate/issues/21">https://github.com/sile/libflate/issues/21</a><br>
<span class="user-mention silent" data-user-id="213094">DevQps</span> definitely prioritize libflate for <code>unsafe</code>-purging!</p>
</blockquote>
<p>It seems like someone already fixed it but forgot to close the issue! (At least he said he fixed it in a commit inside master). I heard some stories about patching using cargo yank, but I am not yet too familiar with that. I hope to read on that soon as well. I wonder if the author that fixed the issue patched previous versions as well.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>